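# Stage 1: stop cron, sinkhole the two download hosts, and remove the
# ld.so.preload hook together with the shared objects it refers to.
#
# Every file operation goes through busybox rather than the system tools,
# presumably because dynamically linked binaries would load whatever
# /etc/ld.so.preload names. Confirm the busybox binary itself is trusted
# (ideally a statically linked copy brought in from a clean machine).
if ! command -v busybox >/dev/null 2>&1; then
  echo "busybox not found in PATH; nothing was changed." >&2
  exit 1
fi

# Stop cron before touching anything so scheduled jobs cannot fire while the
# cleanup is in progress.
service crond stop

# Point the two hosts at 0.0.0.0 (presumably where the payload is fetched
# from). Only append an entry that is not already there, so re-running the
# script does not keep growing /etc/hosts. The leading "\n" guards against a
# hosts file that lacks a trailing newline.
# NOTE: this also blocks legitimate use of these sites from this machine
# until the lines are removed again.
for sink_host in pastebin.com thyrsi.com; do
  if ! busybox grep -qFx "0.0.0.0 ${sink_host}" /etc/hosts 2>/dev/null; then
    busybox echo -e "\n0.0.0.0 ${sink_host}" >> /etc/hosts
  fi
done

# /etc/ld.so.preload may carry the immutable attribute, in which case rm fails
# until it is cleared. chattr's own error is silenced because the file may
# simply not exist; a removal that really fails is reported below.
# The file is deleted outright: if this host has a legitimate ld.so.preload,
# or the file is wanted as evidence, copy it aside before running this.
busybox chattr -i /etc/ld.so.preload 2>/dev/null

preload_leftover=""
for preload_artifact in \
  /etc/ld.so.preload \
  /usr/local/lib/libcset.so \
  /usr/local/lib/libcmoused.so; do
  # rm -f exits 0 for a missing file, so a non-zero status means the file is
  # still there.
  busybox rm -f "$preload_artifact" || preload_leftover="$preload_leftover $preload_artifact"
done

if [ -n "$preload_leftover" ]; then
  echo "WARNING: could not remove:$preload_leftover" >&2
  echo "Check these files for the immutable attribute and remove them manually." >&2
fi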
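# Clean up abnormal processes.
#
# Kills every process whose ps line contains one of the names below. The match
# is a plain substring match on the whole line, so it also hits unrelated
# yum/wget/curl runs; make sure nothing legitimate is using them.
#
# PID extraction: the first ps column is taken as the PID (busybox ps layout —
# confirm on the target build). Some builds print a wide PID with the user
# name glued on ("123456root"). The original handled that by cutting the last
# four characters in a second pass, which on normally formatted output
# truncates a real PID instead and can signal an unrelated low-numbered
# process. Keeping only the leading digits is correct for both layouts and
# does not depend on the user name being four characters long.
#
# The script's own PID is skipped so that a copy saved under a file name
# containing one of these strings does not kill itself. xargs -r avoids
# running kill with no arguments when nothing matched.
for proc_pattern in ksoftirqds kthrotlds yum wget curl; do
  busybox ps -ef \
    | busybox grep -v grep \
    | busybox grep -E -- "$proc_pattern" \
    | busybox awk -v self="$$" '{
        pid = $1
        sub(/[^0-9].*$/, "", pid)   # drop anything after the leading digits
        if (pid != "" && pid != self) print pid
      }' \
    | busybox xargs -r kill -9
done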

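# Remove the dropped binaries, the cron entries and the init scripts.
# NOTE: the four cron paths are deleted whole, not edited. Any legitimate
# root/tomcat cron jobs on this host go with them; back them up first if needed.
artifact_leftover=""
for artifact in \
  /tmp/kthrotlds \
  /etc/cron.d/tomcat \
  /etc/cron.d/root \
  /var/spool/cron/root \
  /var/spool/cron/crontabs/root \
  /etc/rc.d/init.d/kthrotlds \
  /usr/sbin/kthrotlds \
  /etc/init.d/netdns \
  /usr/sbin/kpsmouseds \
  /tmp/kpsmouseds; do
  # rm -f exits 0 for a missing file, so a non-zero status means the file
  # exists and could not be deleted.
  busybox rm -f "$artifact" || artifact_leftover="$artifact_leftover $artifact"
done

if [ -n "$artifact_leftover" ]; then
  echo "WARNING: could not remove:$artifact_leftover" >&2
  echo "Check these files for the immutable attribute and remove them manually." >&2
fi

# Rebuild the dynamic linker cache so it no longer references removed libraries.
ldconfig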

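# Clean up abnormal processes again (second pass, presumably to catch anything
# that was respawned before the persistence files were removed).
#
# The first ps column is taken as the PID (busybox ps layout — confirm on the
# target build). Only its leading digits are kept, which handles both a normal
# PID column and one with the user name glued on ("123456root"). The original
# cut the last four characters in a separate pass, which truncates a normally
# formatted PID and can signal an unrelated low-numbered process.
# The script's own PID is skipped, and xargs -r keeps kill from running with
# no arguments when nothing matched.
for proc_pattern in ksoftirqds kthrotlds; do
  busybox ps -ef \
    | busybox grep -v grep \
    | busybox grep -E -- "$proc_pattern" \
    | busybox awk -v self="$$" '{
        pid = $1
        sub(/[^0-9].*$/, "", pid)   # drop anything after the leading digits
        if (pid != "" && pid != self) print pid
      }' \
    | busybox xargs -r kill -9
done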

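# Clean up boot-time startup entries.
chkconfig netdns off
# The original line used an en dash ("–del"), which chkconfig does not parse
# as an option, so the service was never deregistered. It must be two ASCII
# hyphens.
chkconfig --del netdns
# NOTE(review): /etc/rc.d/init.d/kthrotlds is deleted earlier in this script
# but is not deregistered here; confirm whether stale rc?.d links remain.

# Cron was stopped at the start of the cleanup; bring it back.
service crond start

# This message is printed unconditionally. Before rebooting, verify that no
# matching processes remain and that /etc/ld.so.preload is gone.
echo "Done, Please reboot!"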


# sidie@moresec
